permission problems w/ ordinary user ....
Mike Clarke
jmc-freebsd2 at milibyte.co.uk
Sun Aug 3 09:27:05 UTC 2014
On Saturday 02 August 2014 18:59:09 William A. Mahaffey III wrote:
> On 08/02/14 18:45, Roland Smith wrote:
> > On Sat, Aug 02, 2014 at 06:28:47PM -0500, William A. Mahaffey III wrote:
[snip]
> >> I can ssh in as root no sweat
> >
> > Yikes. That is usually the first thing I'd disable!
> >
> >
> > Roland
>
> I do that (easy root login) on purpose, my LAN is not internet
> exposed (except when I'm browsing)
You can make things a bit more secure by requiring ssh keys instead of
a password for remote access.
Use ssh-keygen to generate your keys then append your ~/ssh/id_rsa.pub
to /root/.ssh/authorized_keys on the machine where you need root
access.
Then make these changes to /etc/ssh/sshd_config on the remote machine
and restart sshd.
--- /usr/src/crypto/openssh/sshd_config 2013-01-12 13:21:39.235909173
+0000
+++ /etc/ssh/sshd_config 2013-01-12 13:20:23.078909059 +0000
@@ -45,4 +45,5 @@
#LoginGraceTime 2m
#PermitRootLogin no
+PermitRootLogin without-password
#StrictModes yes
#MaxAuthTries 6
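Review bot: The added "PermitRootLogin without-password" line in this hunk has no comment, and the value name is easy to misread as letting root in with no credentials, when it means root may not authenticate with a password and must use a key. A one-line comment above it saying root is key-only would help the next person who edits the file; OpenSSH 7.0 and later also accept "prohibit-password" as a clearer name for the same setting.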
@@ -64,5 +65,5 @@
# Change to yes to enable built-in password authentication.
-#PasswordAuthentication no
+PasswordAuthentication no
#PermitEmptyPasswords no
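Review bot: The removed line "#PasswordAuthentication no" shows that the shipped default is already "no", so uncommenting it makes the setting explicit without changing what sshd does. On FreeBSD a password typed at an ssh login normally goes through keyboard-interactive (PAM) authentication, which is controlled by ChallengeResponseAuthentication and is not touched by this patch; if the goal is key-only access for every account, set that to "no" as well and confirm the effective values with "sshd -T".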
NB. If you don't have physical access to the remote machine then be
very careful not to make any mistakes which could lock you out of it.
In particular make sure you have set up your keys and edited
/root/.ssh/authorized_keys correctly before reconfiguring sshd. To be
on the safe side confirm that you can make a successful remote login
from another terminal window before closing your current remote
session.
--
Mike Clarke
More information about the freebsd-questions mailing list
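Added example, not part of the original post: a pre-flight check for the procedure above, which verifies the authorized_keys setup and the two sshd_config settings from the diff before sshd is restarted. The function names are made up for this example, and the config check assumes the file has no Match blocks.

```shell
#!/bin/sh
# Added example: checks to run before restarting sshd with key-only root login.

# Print those of the given paths that are group- or world-writable.
# With StrictModes (on by default) sshd ignores authorized_keys in that case.
loose_perms() {
    find "$@" -prune \( -perm -020 -o -perm -002 \) -print
}

# Return 0 if $1 (a .ssh directory) holds a usable authorized_keys file.
check_keys() {
    dir=$1; file=$dir/authorized_keys
    [ -f "$file" ] || { echo "missing: $file"; return 1; }
    bad=$(loose_perms "$dir" "$file")
    [ -z "$bad" ] || { echo "group/world-writable: $bad"; return 1; }
    # A public key blob is base64 that starts with AAAA after the key type.
    grep -Eq '(^|[[:space:]])(ssh-(rsa|ed25519)|ecdsa-sha2-nistp[0-9]+) AAAA' "$file" ||
        { echo "no public key line in $file"; return 1; }
}

# Print the value set for keyword $2 in config file $1.
# sshd keeps the first value it reads; commented lines never match.
effective() {
    awk -v k="$2" 'tolower($1) == tolower(k) { print tolower($2); exit }' "$1"
}

# Return 0 if the config in $1 sets both values from the diff explicitly.
check_config() {
    [ "$(effective "$1" PermitRootLogin)" = without-password ] ||
        { echo "PermitRootLogin is not without-password"; return 1; }
    [ "$(effective "$1" PasswordAuthentication)" = no ] ||
        { echo "PasswordAuthentication is not no"; return 1; }
}

# Usage on the remote machine, as root, before restarting sshd:
#   check_keys /root/.ssh && check_config /etc/ssh/sshd_config && sshd -t
```

Keep the current session open and test a fresh login from another terminal after the restart, as the post advises.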